CVE-2007-3163
EPSS 0.61%
Description
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.
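The following is an added example, not code from FCKeditor or MoinMoin. It contrasts a deny-list extension check of the kind the description calls incomplete with an allow-list check that also rejects alternate data stream syntax. The extension lists, the function names and the sample filenames are assumptions made for illustration.

```python
import re

# Constructed deny list (assumption): the kind of extension blacklist the
# description calls incomplete. Not FCKeditor's actual list.
DENIED_EXTENSIONS = {"php", "php3", "php5", "phtml", "asp", "aspx", "cgi", "pl"}

# Hypothetical allow list for an upload folder that should hold only documents.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt"}

# Strict grammar: one base name, one dot, one alphanumeric extension.
# Rejects ':' and '$' (alternate data stream syntax), path separators,
# trailing dots or spaces, and multi-dot names.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.([A-Za-z0-9]{1,8})")


def denylist_allows(filename: str) -> bool:
    """Weak check: compare the text after the last dot with a deny list."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in DENIED_EXTENSIONS


def allowlist_allows(filename: str) -> bool:
    """Hardened check: the whole name must fit SAFE_NAME and the extension
    must be explicitly allowed."""
    match = SAFE_NAME.fullmatch(filename)
    return match is not None and match.group(1).lower() in ALLOWED_EXTENSIONS


def compare(names):
    """Return {name: (denylist verdict, allowlist verdict)} for each name."""
    return {n: (denylist_allows(n), allowlist_allows(n)) for n in names}


# Constructed sample filenames; the second uses the syntax from the description.
SAMPLES = ["photo.png", "upload.php::$DATA", "upload.php", "notes.txt.", "a/b.png"]

if __name__ == "__main__":
    for name, (weak, strict) in compare(SAMPLES).items():
        print(f"{name!r:22} denylist={weak!s:5} allowlist={strict}")
```

The deny-list check accepts `upload.php::$DATA` because the text after the last dot is `php::$DATA`, which is not on the list; the allow-list check refuses it because the name does not fit the permitted grammar at all.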
How to fix CVE-2007-3163
To remediate CVE-2007-3163, upgrade the affected package to the fixed version listed below.
- Debian/moin: upgrade to 1.5.8-4.1 or later
Is CVE-2007-3163 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/moin: from 0, < 1.5.8-4.1